ClamAV an open-source anti-virus toolkit

Clam AntiVirus (ClamAV) is an open-source anti-virus toolkit for UNIX, released under GPL. It provides a number of utilities including a flexible and scalable multi- threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.

ClamAV is included in both Fink and DarwinPorts, or can be downloaded directly from sourceforge

Configuration

You have to edit the configuration files. See the manual pages for details:

man freshclam.conf
man clamd.conf

You have to edit both files. On a Fink install, you'll find them in /sw/etc/. For other setups, locate clam.conf should find them.

Programs

clamconf -n tells you what non-defaults are set in your configuration.
clamscan -r directory recursively scans a directory.
freshclam updates your virus definitions.

man clamconf
man clamdscan
man clamscan
man freshclam

I added the following line to /sw/etc/anacrontab

   1       25        clamscan         nice /sw/bin/freshclam -quiet

When you check your imported software (for a Fink installation, do this by running the command sudo clamscan -r /sw) you should find a few ''infected'' files. For example:
/sw/src/clamav-0.91.2.tar.gz: ClamAV-Test-File FOUND
There are a few more examples in /sw/share/doc/clamav/test/. If you don't find these test cases, check your configuration.

The malware I have found is exclusively in spam mail and cached java applets.

clamdscan ˜/Library/Caches/Java\ Applets
clamdscan ˜/Library/mail\ Downloads

You can remove offending files by hand, or use the --remove option when calling clamdscan.